National Skill Development Corporation (NSDC) intends to select a Chief Information Security Officer as a Service (CISO-as-a-Service) (Onsite). NSDC seeks proposals from interested bidders for the appointment of an agency to provide CISO-as-a-Service.
Duration of Assignment:
The duration of the assignment will be one (01) year from the date of signing of the contract by both parties. However, the quality of service provided by the Bidder and the performance of the Bidder shall be reviewed quarterly, and if the performance is found unsatisfactory, the Bidder’s contract can be terminated at NSDC’s discretion. If the performance is found satisfactory, the contract may be extended for a further duration by mutual consent. Should there be a requirement for more Bidders for any reason, NSDC may procure services from additional Bidders for similar purposes.
Submission of Proposal:
The Consultant shall submit the Technical and Financial Proposal only on the eProcurement Portal https://nsdc.eproc.in
Educational & Years of experience:
- Experience: more than 12 years
- Qualification: Engineering or Post-Graduate degree in Computer Science / IT / Electronics & Communication or a Cyber Security related field, or MCA, or an equivalent qualification from a recognized university
- Certifications (any one of the following):
  i. Certified Information Systems Security Professional (CISSP)
  ii. Certified Information Security Manager (CISM)
  iii. Certified Chief Information Security Officer (CCISO)
  iv. Certified Information Systems Auditor (CISA)
  v. Certified Ethical Hacker (CEH)
Roles & Responsibilities
- Security Strategy & Planning:
  - Develop and implement a comprehensive information security strategy aligned with the organization’s goals and objectives.
  - Conduct risk assessments and prioritize security initiatives based on business needs and risk exposure.
- Policy and Compliance Management:
  - Develop, review, and update information security policies, standards, and procedures to ensure compliance with relevant regulations and standards (e.g., GDPR, HIPAA, ISO 27001).
  - Monitor regulatory changes and ensure the organization remains compliant with applicable laws and regulations.
- Security Awareness & Training:
  - Develop and deliver security awareness training programs to educate employees about security best practices and potential threats.
  - Promote a culture of security awareness and compliance throughout the organization.
- Incident Response and Management:
  - Develop and maintain an incident response plan to effectively detect, respond to, and recover from security incidents.
  - Lead incident response efforts during security breaches, coordinating with internal teams, external stakeholders, and law enforcement as necessary.
- Security Architecture and Design:
  - Provide guidance on the design and implementation of secure systems, networks, and applications.
  - Conduct security architecture reviews and recommend improvements to enhance the overall security posture.
- Security Incident Monitoring and Threat Intelligence:
  - Implement security monitoring tools and technologies to detect and respond to security threats in real time.
  - Stay abreast of the latest threat intelligence and security trends to proactively identify emerging threats and vulnerabilities.
- Security Operations Center (SOC) Management:
  - Establish and manage a Security Operations Center (SOC) or oversee third-party SOC services.
  - Ensure the SOC operates effectively to monitor, detect, and respond to security incidents.
- Business Continuity and Disaster Recovery Planning:
  - Develop and maintain business continuity and disaster recovery plans to ensure the organization can continue operating in the event of a security incident or disaster.
  - Conduct regular testing and exercises to validate the effectiveness of these plans.
- Security Budgeting and Resource Allocation:
  - Develop and manage the security budget, allocating resources effectively to address the organization’s security priorities and needs.
  - Identify opportunities for cost optimization and efficiency improvements within the security program.
- Executive Leadership and Communication:
  - Serve as the primary point of contact and advisor on security matters for executive leadership and the board of directors.
  - Communicate effectively with stakeholders to convey the importance of security initiatives and obtain buy-in for security investments.
- Continuous Improvement and Innovation:
  - Continuously assess the effectiveness of security controls and processes and identify areas for improvement.
  - Drive innovation in security technologies and practices to stay ahead of evolving threats and risks.
- Risk identification, assessment, and treatment.
- The CISO is to be deployed within a week of the date of the Purchase Order.